Analysts at several cybersecurity firms have confirmed that a
cyberattack that struck Europe on Tuesday is using a powerful and
dangerous cyberweapon created by the National Security Agency and
leaked in April.

The cyberattack, dubbed "Petya," bears the hallmarks of last
month's "WannaCry" ransomware attack, which swept across 150
countries and crippled transportation systems and major
hospitals. Petya is using an NSA zero-day exploit known as
EternalBlue to spread.

Zero-day exploits are tools that take advantage of software
vulnerabilities hackers can use to get into computer programs and
data. EternalBlue exploits a loophole in Microsoft Windows and
was part of a slew of NSA cyberweapons posted online in April by
the hacker group Shadow Brokers.

Matthew Hickey, a security expert, told Ars Technica
that the leak was "by far the most powerful cache of exploits
ever released."

"For many, many years, while it was a secret, the NSA could use
[EternalBlue] to unlock any door of any computer network in the
world," Martin said. "It was the ultimate cyberweapon for
espionage."

A variation of EternalBlue was used in May's WannaCry attack,
which was stalled and shut down when Marcus Hutchins, a
22-year-old security researcher in England, found and activated
a "kill switch" in the code. Since then, hackers have been
tweaking WannaCry's code to get around a potential kill switch
and carry out a more widespread global attack, Politico reported.

Petya's code was written on June 18, according to Kaspersky Lab,
a Russian cybersecurity firm.

Petya is more sophisticated than WannaCry, said Alex Hamerstone,
a cybersecurity expert at TrustedSec.

"It appears to use a lot of the same elements [as WannaCry], but
it's spreading and replicating itself in a more sophisticated
way," he said. "And this attack is not just encrypting files —
it's encrypting at a deeper level than that."

The cybersecurity firm FireEye told The Financial
Times that rather than encrypting files, Petya holds the
entire system hostage until a ransom has been paid.

The ransomware hit several European countries and corporations,
including Ukraine's central bank and its capital's main airport;
the Russian state-owned oil giant, Rosneft; the British
advertising company WPP; the pharmaceutical giant Merck; and the
shipping company A.P. Moller-Maersk.

The malware demands a ransom in bitcoin for victims to recover
their data. Twenty-seven had paid as of Tuesday afternoon,
according to Politico.

After the attack, Merck reportedly instructed all
employees to turn off their work computers indefinitely amid
a "companywide shutdown."

Martin said the implications of Tuesday's attack were "really
scary, because these sophisticated cyberweapons are out in the
open. Any cybercriminal, terrorist organization, or foreign
government can take these tools, weaponize them, and run their
own attack."

In 2015, a massive cyberattack leveled against Ukraine's power
grid cut electricity to almost 250,000 Ukrainians. Cybersecurity
experts linked the attack to IP addresses associated with Russia.
Since then, Wired magazine's Andy Greenberg reported last week,
an increasing number of Ukrainian corporations and government
agencies have been hit by cyberattacks in a "rapid, remorseless
succession."

Ukraine is now host to what may turn into a full-blown cyberwar,
Greenberg reported. Two separate attacks on the country's power
grid were part of a "digital blitzkrieg" that had been waged
against Ukraine for the past three years.

"You can't really find a space in Ukraine where there
hasn't been an attack," Kenneth
Geers, a NATO ambassador focusing on cybersecurity, told Wired.

It's unclear where Tuesday's cyberattack originated.

"In cases like this and with the WannaCry attack, we can see that
bad actors, whoever they may be, can continually up the ante and
sophistication of how damaging these attacks are," Martin said.

He added that "this is about unfettered access and being able to
infect any machine in the world."

May's WannaCry attack was linked to the North Korean government,
"and although North Korea is well-organized, they've been shown
to have lots of mistakes in attacks they've waged in the past,"
Martin said.

If Petya is found to have originated from hackers with links to
Russia, however, "we can expect that this attack will be much
more far-reaching and sophisticated."